ExtensionEngine · droguljic · Jun 16, 2021 · Jun 25, 2021 · Jul 6, 2021
diff --git a/config/server/index.js b/config/server/index.js
@@ -2,6 +2,7 @@
 
 const auth = require('./auth');
 const consumer = require('./consumer');
+const isIp = require('is-ip');
 const isLocalhost = require('is-localhost');
 const mail = require('./mail');
 const parse = require('url-parse');
@@ -15,6 +16,8 @@ const port = resolvePort();
 const origin = resolveOrigin(hostname, protocol, port);
 const previewUrl = process.env.PREVIEW_URL;
 
+validateStorageProxy(storage.proxy, hostname);
+
 module.exports = {
   protocol,
   hostname,
@@ -58,3 +61,9 @@ function resolveOriginPort(hostname) {
   if (REVERSE_PROXY_PORT === '80' || REVERSE_PROXY_PORT === '443') return '';
   return `:${REVERSE_PROXY_PORT}`;
 }
+
+function validateStorageProxy(proxy, hostname) {
+  if (isIp.v4(hostname) && /cloudfront/i.test(proxy.provider)) {
+    throw new Error('CloudFront storage proxy cannot be used alongside IPv4 host name');
+  }
+}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -91,6 +91,7 @@
     "humanize-string": "^2.1.0",
     "ioredis": "^4.24.2",
     "is-iexplorer": "^1.0.0",
+    "is-ip": "^3.1.0",
     "is-localhost": "0.0.2",
     "is-safari": "^1.0.0",
     "is-url": "^1.2.2",

diff --git a/server/shared/storage/proxy/mw.js b/server/shared/storage/proxy/mw.js
@@ -2,11 +2,17 @@
 
 const config = require('../../../../config/server');
 const { FORBIDDEN } = require('http-status-codes');
+const isIp = require('is-ip');
 const miss = require('mississippi');
 const path = require('path');
 const router = require('express').Router();
 const psl = require('psl');
 
+function getDomain() {
+  if (isIp.v4(config.hostname)) return null;
+  return psl.parse(config.hostname).domain;
+}
+
 module.exports = (storage, proxy) => {
   function getFile(req, res, next) {
     const key = req.params[0];
@@ -24,7 +30,7 @@ module.exports = (storage, proxy) => {
     if (proxy.hasCookies(req.cookies, repositoryId)) return next();
     const maxAge = 1000 * 60 * 60; // 1 hour in ms
     const cookies = proxy.getSignedCookies(repositoryId, maxAge);
-    const { domain } = psl.parse(config.hostname);
+    const domain = getDomain();
     const cookieOptions = { domain, maxAge, httpOnly: true };
     Object.entries(cookies).forEach(([cookie, value]) => {
       res.cookie(cookie, value, cookieOptions);